Description
The errors thrown by this module include the request, options and response details.
These objects tend to carry sensitive information like Authorization headers and POST parameters, which could contain passwords. Given that the functions calling request-promise should have all of the request context, I contend the potential security exposure is not worth the convenience of having this information on the error objects.
Consider, for instance, generic JSON logging of errors. It would be quite easy to leak passwords into log files. Unfortunately, this security threat is insidious in nature since it will only present itself under error circumstances. In other words, leaks are likely to go unnoticed until long after the software is running in production.
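The leak described above, and one way a caller can defend against it, as an added example that is not part of the issue or of the request-promise code base. It assumes the error shape request-promise documents for `StatusCodeError` and `RequestError` (own enumerable `options`, `response` and `error` properties); the sample error, the hostname and the credential values are constructed, and the redaction helpers are hypothetical names.

```javascript
// Header names whose values are credentials and must never reach a log line.
const SENSITIVE_HEADERS = new Set([
  'authorization', 'proxy-authorization', 'cookie', 'set-cookie', 'x-api-key',
]);
// Body / form field names that usually hold secrets.
const SENSITIVE_BODY_KEYS = /pass(word)?|secret|token|api[_-]?key/i;

// Copy a headers object, replacing credential values with a marker.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? '[REDACTED]' : value;
  }
  return out;
}

// Recursively copy a body / form object, redacting secret-looking keys.
function redactObject(value) {
  if (Array.isArray(value)) return value.map(redactObject);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = SENSITIVE_BODY_KEYS.test(key) ? '[REDACTED]' : redactObject(inner);
    }
    return out;
  }
  return value;
}

// Reduce a request-promise style error to a plain object that is safe to
// hand to a generic JSON logger: keep what is useful for debugging, drop the
// full request options and response, and redact credentials.
function toLogSafeError(err) {
  const opts = err.options || {};
  return {
    name: err.name,
    message: err.message,
    statusCode: err.statusCode,
    request: {
      method: opts.method,
      uri: opts.uri || opts.url,
      headers: redactHeaders(opts.headers),
      form: opts.form ? redactObject(opts.form) : undefined,
      body: opts.body ? redactObject(opts.body) : undefined,
    },
    // Response bodies can echo credentials back; keep only the status code.
    response: err.response ? { statusCode: err.response.statusCode } : undefined,
  };
}

// Constructed sample mimicking a StatusCodeError (no network call is made).
// A real `response` is an http.IncomingMessage; a plain object stands in here.
function sampleError() {
  const options = {
    method: 'POST',
    uri: 'https://api.example.invalid/login',
    headers: { Authorization: 'Bearer s3cr3t-token', Accept: 'application/json' },
    form: { username: 'alice', password: 'hunter2' },
  };
  const err = new Error('401 - {"error":"bad credentials"}');
  err.name = 'StatusCodeError';
  err.statusCode = 401;
  err.options = options;
  err.response = { statusCode: 401, body: '{"error":"bad credentials"}' };
  err.error = '{"error":"bad credentials"}';
  return err;
}

// The naive path: JSON.stringify on an Error emits its own enumerable
// properties, which for these errors include `options`, so the bearer token
// and the form password land in the log file.
function naiveLogLine(err) {
  return JSON.stringify(err);
}

// The defended path: serialise the sanitised view instead of the error itself.
function safeLogLine(err) {
  return JSON.stringify(toLogSafeError(err));
}
```

Calling `naiveLogLine(sampleError())` yields a line containing both `s3cr3t-token` and `hunter2`, while `safeLogLine(sampleError())` keeps the method, URI, status code and field names but shows `[REDACTED]` in their place; wiring `toLogSafeError` in as the error serializer of the application's logger is what closes the gap the issue describes until the library stops attaching the request context.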